Topic: Hades
I did a quick search and hadn't seen this posted here yet. I didn't write it, but I'll sure share it. Hades is a cool little driver that can be used to trace binaries that detect WinAPIOverride. I don't know if anyone has worked on a countermeasure for this, but it looks pretty trivial to do. Of course, I don't know about the benefit of trying to defeat it since I don't know how many people are using it. It was presented at Blackhat, so I figure it has probably seen a fair amount of use.